whiteghost
v1.2.0
Published
CLI for the Whiteghost internal app platform: scaffold apps, run them locally against a shared Cloud SQL dev schema, and manage migrations.
Maintainers
castri1Readme
┏┳┓┏━╸╻ ┏━┓┏┓╻┏┓╻
┃┃┃┣╸ ┃ ┃ ┃┃┗┫┃┗┫
╹ ╹┗━╸┗━╸┗━┛╹ ╹╹ ╹
─ ─ ─ ─ ─ platform ─ ─ ─ ─ ─
██╗ ██╗██╗ ██╗██╗████████╗███████╗
██║ ██║██║ ██║██║╚══██╔══╝██╔════╝
██║ █╗ ██║███████║██║ ██║ █████╗
██║███╗██║██╔══██║██║ ██║ ██╔══╝
╚███╔███╔╝██║ ██║██║ ██║ ███████╗
╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝
╔═╗╦ ╦╔═╗╔═╗╔╦╗
║ ╦╠═╣║ ║╚═╗ ║
╚═╝╩ ╩╚═╝╚═╝ ╩
from `git commit` to live URL.
zero platform admins required.
by CTR1┌─────────────────────────────────────────────────────────────┐
│ $ whiteghost init │
│ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░░ 92% │
│ ✓ repo.create ✓ secrets.create ✓ iap.expose │
│ ✓ build.trigger ✓ db.schema ✓ dns.record │
│ ✓ run.service ✓ firestore.register → live in 60s │
└─────────────────────────────────────────────────────────────┘What is this
whiteghost is the CLI that turns a five-minute interview into a live, deployed, melonn-internal application — repo, pipeline, Cloud Run service, database, secrets, DNS, TLS, and SSO — without anyone from the platform team lifting a finger.
It's built for non-engineer melonn employees who want to ship tools for their own team (Ops, Finance, HR, Customer Success) with Claude Code as their pair programmer. Answer five questions, push to main, refresh a URL sixty seconds later.
If you're new here, the illustrated field guide is the best place to start: marketplace.apps.melonn.com/getting-started.
Quickstart
# 1 ─ Install (once, globally)
npm install -g @melonn/whiteghost
# 2 ─ Sign in with your @melonn.com Google account
whiteghost login
# 3 ─ Scaffold a new project
mkdir orders-board && cd orders-board
whiteghost init
# 4 ─ Open with Claude Code, describe what you want
claude
# 5 ─ Claude commits + pushes; Cloud Build deploys in ~60s
# Your app is live at https://<slug>.apps.melonn.comWhat it actually provisions
One whiteghost init + one /provision inside Claude Code gives you:
| Layer | What gets created |
|-------------|------------------------------------------------------------------------------|
| Source | GitHub repo in whiteghost-melonn/, created by the Whiteghost GitHub App |
| CI | Cloud Build trigger wired to the repo — rebuilds on every push to main |
| Image | Pushed to Artifact Registry at us-east1-docker.pkg.dev/…/platform/<slug> |
| Runtime | Cloud Run service, us-east1, private-VPC egress for DB access |
| Auth | IAP (melonn-only) via the shared platform HTTPS LB, or fully public |
| Domain | <slug>.apps.melonn.com — Certificate Manager wildcard, Route 53 A record |
| Data | Shared Postgres (10.62.0.3) + per-app schema, or Firestore, your choice |
| Secrets | Secret Manager bindings injected as env vars at runtime |
| Identity| Per-app GSA, Workload Identity, no credential files on disk |
All of it is idempotent — re-run the provision graph and it reconciles state. Drop a resource, re-run, it comes back. Nothing to un-tangle manually.
The five-question interview
Let's set up your application.
Signed in as [email protected] — using this as the owner.
> What do you want to call your app? (e.g. Orders Board)
> One-line description (optional)
> Does this app need a database? (y/n)
> What type of backend? (A: Web App · B: Data & Analytics)
> Who should be able to use this app? (A: melonn team · B: public)
Review
────────────────────────────────────────────────────
Name: Orders Board
Description: Track incoming orders.
Database: yes
Backend: Web Application (Node.js + Express)
Access: melonn team only
Owner: [email protected]
────────────────────────────────────────────────────
Everything look right? (enter to continue, r to redo)Owner email is pulled from whiteghost login. Team, tags, and DB engine default sanely and can be edited in app.config.json afterwards.
Commands
In your terminal
| Command | What it does |
|----------------------|----------------------------------------------------------------|
| whiteghost login | Sign in with your @melonn.com Google account |
| whiteghost init | Run the interview, scaffold a project in the current directory |
| whiteghost preflight| Check that Node, git, docker, gcloud etc. are installed |
| whiteghost whoami | Show the identity in your credentials file |
| whiteghost commands| Print the full command + slash-command + agent reference |
Inside Claude Code (slash commands, after scaffolding)
| Slash command | What it does |
|---------------|---------------------------------------------------------------|
| /init-app | Generate README and final app config after scaffold |
| /provision | Walk through the platform dep-graph and create your resources |
| /stop-dev | Stop the frontend + backend dev servers |
| /doctor | Run pre-deploy compliance + health checks |
| /deploy | Tail the live Cloud Build + Cloud Run logs |
| /db-setup | Turn on (or off) the managed database for this app |
| /env | View or update non-secret environment variables |
| /commit | Stage, commit, and push |
To start the app locally, run whiteghost dev directly — there is no
/run-dev slash command.
Agents (auto-invoked by Claude)
frontend-page, frontend-component, backend-route, backend-test,
database-model, database-seed, security-scan.
For the live, source-of-truth list of CLI commands, slash commands, and
agents, run whiteghost commands — it discovers them from the template tree.
Architecture
┌──────────────┐ whiteghost init + /provision
│ builder │ ─────────────────────────────────▶ ┌──────────────────┐
│ (you) │ │ admin-app │
└──────┬───────┘ │ (control plane) │
│ └─────────┬────────┘
│ git push │
▼ │ calls
┌──────────────┐ trigger ┌────────────────┐ ▼
│ GitHub │ ────────────────────▶│ Cloud Build │ ┌──────────────┐
│ we-are- │ │ (2nd gen) │ │ GCP APIs │
│ melonn/<x> │ └────────┬───────┘ │ run, build, │
└──────────────┘ │ deploy │ sm, ar, dns │
▼ └──────────────┘
┌────────────────┐
│ Cloud Run │ ◀── IAP (internal)
│ <slug> │ Route 53 +
└────────────────┘ Cert Manager
│
▼
https://<slug>.apps.melonn.comWhen something breaks, errors land in two places: the Cloud Build log, or the Cloud Run revision log. That's it.
Template flavors
Scaffolded projects ship with opinionated templates under templates/:
common/— shared frontend (React + Vite + Tailwind + shadcn/ui), backend skeleton,cloudbuild.yaml,.claude/agents,Dockerfile,app.config.json.google/— Cloud Run-specific overlay. Secret Manager helpers, IAP auth middleware,dns.recordhooks.backend/(Node) vsbackend-python/(FastAPI) — picked by the interview's Q4.stack-node//stack-python/— Claude Code agents tuned for each language.
The AWS overlay was retired on 2026-04-24; google is the only active cloud.
Development
# Clone and bootstrap
git clone https://github.com/whiteghost-melonn/whiteghost_cli
cd whiteghost_cli
npm install
# Build
npm run build
# Link locally so `whiteghost` runs your working copy
npm link
# Try it out in a fresh folder
mkdir /tmp/test-app && cd /tmp/test-app
whiteghost initsrc/ is TypeScript, compiled to dist/. Templates under templates/ are
copied verbatim at scaffold time — edit them and re-link to iterate.
Project layout
whiteghost_cli/
├── src/
│ ├── index.ts # commander entry point
│ ├── interview.ts # the 5-question interview
│ ├── init.ts # scaffolding
│ ├── login.ts # Google OAuth flow
│ ├── reconcile.ts # dep graph + block runner
│ ├── provision.ts # /provision orchestration
│ ├── deploy.ts # live status from Cloud Run
│ ├── client.ts # credentials + admin-app HTTP client
│ ├── preflight.ts # tool-version checks
│ └── commands.ts # command reference table
└── templates/ # scaffold inputs (see above)Who built this
CTR1 — Daniel Castrillón, melonn platform.
License
Internal — melonn employees and contractors only. Not open source. If you're reading this outside the melonn org, you probably took a wrong turn. 👻
┏┳┓┏━╸╻ ┏━┓┏┓╻┏┓╻
┃┃┃┣╸ ┃ ┃ ┃┃┗┫┃┗┫
╹ ╹┗━╸┗━╸┗━┛╹ ╹╹ ╹built with melonn